From owner-freebsd-isp  Tue Oct  6 23:03:26 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA16589
          for freebsd-isp-outgoing; Tue, 6 Oct 1998 23:03:26 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA16583
          for <freebsd-isp@FreeBSD.ORG>; Tue, 6 Oct 1998 23:03:24 -0700 (PDT)
          (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1])
	by gjp.erols.com (8.8.8/8.8.7) with ESMTP id CAA05210;
	Wed, 7 Oct 1998 02:02:52 -0400 (EDT)
	(envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
cc: Graeme Tait <U@webcom.com>, freebsd-isp@FreeBSD.ORG
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: How to share accounts between mail/pop and web servers? 
In-reply-to: Your message of "Tue, 06 Oct 1998 22:24:38 CDT."
             <3.0.3.32.19981006222438.00f7f438@207.227.119.2> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 07 Oct 1998 02:02:51 -0400
Message-ID: <5206.907740171@gjp.erols.com>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jeffrey J. Mountin" wrote in message ID
<3.0.3.32.19981006222438.00f7f438@207.227.119.2>:
> At least with my suggestion along with using a /some/where/else/passwd file, 
> it's easy to share the passwords.

All the popular servers that I've used (qpopper, sendmail, apache, etc) can 
work with non-getpass* routines with minimal work. This also drastically 
increases the security of the machine, as the real password information can be 
kept hidden from the daemons and hence from the outside world. It also gets 
around UID limits inherent in some systems (e.g. NFS, other unixes), as you 
don't need to assign unique UID's either (although stuff like ftpd, apache, 
etc needs work to stop people from having access to other peoples files)

> At least until his users number in the 10's of thousands on up, which just
> begs to have a central location for user vitals.

Anywhere over 10k also begs not to be using the berkeley DB format. Put your 
information into Postgres, MySQL, etc and then generate CDB files regularly 
and push them out to the servers. Or use LDAP (if you can find a server which 
(a) works, (b) isn't netscape, and (c) scales)

But don't use DBM. It gets really slow to build the larger files.

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message